Certificate Authentication

Splunk Administrator Certificate for Krzysztof Szczepura

Certificate ID: 700891
Authentication Code: 28bd9
Certified Person Name: Krzysztof Szczepura
Trainer Name: Rafał Grzeszczuk
Duration Days: 3
Duration Hours: 21
Course Name: Splunk Administrator
Course Date: 2022-12-07 09:00 to 2022-12-09 16:00
Venue: Remote
Course Outline: 

1. Infrastructure Overview

Module 1 - Splunk Components

  • Identify Components
  • How Splunk Scales

Module 2 - Pre-installation

  • Hardware Requirements
  • Installing on Virtual Environments
  • Permissions
  • Time Syncing
  • What is Splunkd

Module 3 - Installing Splunk

  • Installing on Linux/Installing on Windows
  • Installing Components
  • SplunkWeb Administration
  • Splunk Directory Structure

Module 4 - The Splunk Pipeline

  • Understanding Data Flows & Licensing
  • .conf Files

Module 5 - Indexes

  • Overview of Indexes
  • Creating & Using Multiple Indexes
  • Buckets

Module 6 - User and Roles

  • Understanding Users, Roles, Methods

Module 7 - Data Inputs

  • Overview of Inputs
  • Upload Input
  • Monitor Input
  • Universal Forwarder
  • Heavy Forwarder
  • SSL for Forwarded Data
  • Apps and Add-ons

Module 8 - Growing Your Deployment

  • Setting up Search Peers
  • DMC Overview

2. System Administration

Module 1 – Splunk Deployment Overview

  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role
  • Identify Splunk installation steps
  • Use Splunk CLI
  • Enable the Monitoring Console (MC)

Module 2 – License Management

  • Identify license types
  • Describe license violations
  • Add and remove licenses

Module 3 – Splunk Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 4 - Splunk Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 5 - Splunk Indexes

  • Understand how indexes function
  • Understand the types of index buckets
  • Create new indexes
  • Explain the advantages of using multiple indexes
  • Monitor indexes with Monitoring Console

Module 6 – Splunk Index Management

  • Manage indexes with Splunk web
  • Describe indexes.conf attributes and stanzas
  • Customize index retention policies
  • Delete events from an index
  • Restore frozen buckets

Module 7 - Splunk User Management

  • Add Splunk users using native authentication
  • Describe user roles in Splunk
  • Create a custom role
  • Splunk authentication options

Module 8 - Configuring Basic Forwarding

  • Identify forwarder configuration steps
  • List Splunk forwarder types
  • Configure the forwarder
  • Identify forwarder configuration files

Module 9 - Distributed Search

  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • Configure a distributed search group
  • List search head scaling options

3. Troubleshooting & Workload Management 

Troubleshooting

Module 1 – Splunk Support Model

  • Splunk support resources

Module 2 – Splunk Troubleshooting Methods and Tools

  • Splunk troubleshooting approach
  • Splunk diagnostic resources and tools

Module 3 – Clarifying the Problem

  • Splunk deployment topology
  • Index-time pipeline
  • Metrics.log

Module 4 – Installation, Licensing, and Crash Problems

  • Installation issues
  • License issues
  • Crash issues

Module 5 – Configuration Problems

  • Input issues
  • Monitoring console

Module 6 – Search Problems

  • Search issues
  • Job inspector

Module 7 – Deployment Problems

  • Forwarding issues
  • Deployment server issues

Module 8 – User Management Problems

  • Splunk users and role capabilities
  • Directory integration issues

Workload Management

Module 1 – Introduction to WLM

  • Splunk Administrator challenges
  • Overview of WLM
  • WLM concepts
  • CPU and memory resource allocation
  • WLM requirements

Module 2 – Linux Configuration 

  • Linux configuration for WLM
  • Configuring systemd distributions
  • Configuring non-systemd distributions
  • WLM role requirements

Module 3 – Configuring WLM in Splunk Enterprise

  • Preflight check
  • Configuring workload categories
  • Configuring workload pools
  • Configuring workload rules
  • Enabling workload management in Splunk

Module 4 – WLM Resource Allocation

  • Assigning searches to WLM
  • Re-assigning workload pools
  • Monitoring WLM in the Splunk Monitoring Console